getexecattr man page on SmartOS

Man page or keyword search:  
man Server   16655 pages
apropos Keyword Search (all sections)
Output format
SmartOS logo
[printable version]

GETEXECATTR(3SECDB)					   GETEXECATTR(3SECDB)

NAME
       getexecattr,   free_execattr,  setexecattr,  endexecattr,  getexecuser,
       getexecprof, match_execattr - get execution profile entry

SYNOPSIS
       cc [ flag... ] file... -lsecdb  -lsocket	 -lnsl	[ library... ]
       #include <exec_attr.h>
       #include <secdb.h>

       execattr_t *getexecattr(void);

       void free_execattr(execattr_t *ep);

       void setexecattr(void);

       void endexecattr(void);

       execattr_t *getexecuser(const char *username, const char *type,
	    const char *id, int search_flag);

       execattr_t *getexecprof(const char *profname, const char *type,
	    const char *id, int search_flag);

       execattr_t *match_execattr(execattr_t *ep, char *profname,
	    char *type, char *id);

DESCRIPTION
       The  getexecattr()  function  returns  a	 single	 exec_attr(4)	entry.
       Entries	can  come  from	 any  of  the  sources	specified  in the nss‐
       witch.conf(4) file.

       Successive calls to getexecattr() return	 either	 successive  exec_attr
       entries	or  NULL. Because getexecattr() always returns a single entry,
       the next pointer in the	execattr_t data structure points to NULL.

       The internal representation of an  exec_attr  entry  is	an  execattr_t
       structure defined in  <exec_attr.h> with the following members:

	 char		   *name;   /* name of the profile */
	 char		   *type;   /* type of profile */
	 char		   *policy; /* policy under which the attributes are */
				    /* relevant*/
	 char		   *res1;   /* reserved for future use */
	 char		   *res2;   /* reserved for future use */
	 char		   *id;	    /* unique identifier */
	 kva_t		   *attr;   /* attributes */
	 struct execattr_s *next;   /* optional pointer to next profile */

       The  free_execattr()  function  releases	 memory.  It  follows the next
       pointers in the execattr_t structure so that the entire linked list  is
       released.

       The  setexecattr()  function "rewinds" to the beginning of the enumera‐
       tion of exec_attr entries. Calls to getexecuser() can leave the enumer‐
       ation  in  an  indeterminate  state. Therefore, setexecattr() should be
       called before the first call to getexecattr().

       The endexecattr() function can be called	 to  indicate  that  exec_attr
       processing  is  complete; the library can then close any open exec_attr
       file, deallocate any internal storage, and so forth.

       The getexecuser() function returns a linked list of entries that	 match
       the  type and id arguments and have a profile that has been assigned to
       the user specified by username, as described  in	 passwd(4).   Profiles
       for  the	 user  are  obtained  from  the	 list  of  default profiles in
       /etc/security/policy.conf (see  policy.conf(4))	and  the  user_attr(4)
       database.  Only	entries in the name service scope for which the corre‐
       sponding profile entry  is  found  in  the  prof_attr(4)	 database  are
       returned.

       The  getexecprof() function returns a linked list of entries that match
       the type and id arguments and have the profile specified by  the	 prof‐
       name  argument.	Only  entries  in the name service scope for which the
       corresponding profile entry is found  in	 the  prof_attr	 database  are
       returned.

       Using  getexecuser() and getexecprof(), programmers can search  for any
       type argument, such as the manifest constant KV_COMMAND. The  arguments
       are logically AND-ed together so that only entries exactly matching all
       of the arguments are returned. Wildcard matching applies if there is no
       exact  match  for an ID. Any argument can be assigned the NULL value to
       indicate that it is not used as part  of	 the  matching	criteria.  The
       search_flag  controls  whether  the  function  returns  the first match
       (GET_ONE), setting the next pointer to NULL  or	all  matching  entries
       (GET_ALL),  using  the  next  pointer  to  create  a linked list of all
       entries that meet the search criteria. See  EXAMPLES.

       Once a list of entries is returned by getexecuser()  or	getexecprof(),
       the  convenience	 function  match_execattr() can be used to identify an
       individual entry. It returns a pointer to the individual	 element  with
       the  same profile name ( profname), type name ( type), and id. Function
       parameters set to NULL are not used as part of the  matching  criteria.
       In  the	event that multiple entries meet the matching criteria, only a
       pointer to the first entry is returned. The kva_match(3SECDB)  function
       can be used to look up a key in a key-value array.

RETURN VALUES
       Those  functions	 returning data only return data related to the active
       policy.	The getexecattr() function returns a pointer to a   execattr_t
       if  it  successfully  enumerates	 an  entry; otherwise it returns NULL,
       indicating the end of the enumeration.

USAGE
       The getexecattr(), getexecuser(), and getexecprof() functions all allo‐
       cate memory for the pointers they return. This memory should be deallo‐
       cated with the free_execattr()  call.  The  match_execattr()(  function
       does  not  allocate  any	 memory.  Therefore, pointers returned by this
       function should not be deallocated.

       Individual attributes may be referenced in the attr structure by	 call‐
       ing the kva_match(3SECDB) function.

EXAMPLES
       Example 1 Find all profiles that have the  ping command.

	 if ((execprof=getexecprof(NULL, KV_COMMAND, "/usr/sbin/ping",
	     GET_ONE)) == NULL) {
		 /* do error */
	 }

       Example	2  Find the entry for the ping command in the Network Adminis‐
       tration Profile.

	 if ((execprof=getexecprof("Network Administration", KV_COMMAND,
	     "/usr/sbin/ping", GET_ALL))==NULL) {
		 /* do error */
	 }

       Example 3 Tell everything that can be done in the  Filesystem  Security
       profile.

	 if ((execprof=getexecprof("Filesystem Security", KV_NULL, NULL,
	     GET_ALL))==NULL)) {
		 /* do error */
	 }

       Example 4 Tell if the tar utility is in a profile assigned to user wet‐
       more. If there is no exact profile entry, the wildcard (*), if defined,
       is returned.

       The following tells if the tar utility is in a profile assigned to user
       wetmore. If there is no exact  profile  entry,  the  wildcard  (*),  if
       defined, is returned.

	 if ((execprof=getexecuser("wetmore", KV_COMMAND, "/usr/bin/tar",
	     GET_ONE))==NULL) {
		 /* do error */
	 }

FILES
       /etc/nsswitch.conf
				    configuration  file lookup information for
				    the name server switch

       /etc/user_attr
				    extended user attributes

       /etc/security/exec_attr
				    execution profiles

       /etc/security/policy.conf
				    policy definitions

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       ┌───────────────┬─────────────────┐
       │ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
       ├───────────────┼─────────────────┤
       │MT-Level       │ MT-Safe	 │
       └───────────────┴─────────────────┘

SEE ALSO
       getauthattr(3SECDB),	 getuserattr(3SECDB),	    kva_match(3SECDB),
       exec_attr(4),  passwd(4),  policy.conf(4),  prof_attr(4), user_attr(4),
       attributes(5)

				 Mar 31, 2005		   GETEXECATTR(3SECDB)
[top]

List of man pages available for SmartOS

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net